question

NSou-6994 avatar image
0 Votes"
NSou-6994 asked SaiKishor-MSFT commented

Is it possible to get Gigabit speed on a P2S connection with VPN Gateway?

Documentation suggests I should be able to get 1 Gbps speeds on a P2S connection, but I'm not. My test setup is as follows (also see diagram):

  • A speed test server in a VNET in US East

  • A VPN Gateway on the same VNET

  • A Windows 10 client in a different VNET in the same region

Without going through the VPN Gateway, the Windows 10 client sees speeds of 1.8 Gbps down and 1.6 Gbps up. However, going through the gateway, it gets about 150 Mbps down and 450 Mbps up. I don't seem to have many options at my disposal for configuring a P2S gateway, so I fear that I am out of luck. I have tried both OpenVPN and IKEv2 tunnel types.
My question: Is there a way to achieve Gigabit speeds through a VPN Gateway with a P2S connection?

My SKUs:

  • VPN Gateway: VpnGw2

  • VM SKUs: Standard D4s v3

6iygaqc57ko61.png


azure-vpn-gateway
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

AndreasBaumgarten avatar image
0 Votes"
AndreasBaumgarten answered SaiKishor-MSFT commented

Hi @NSou-6994 ,

Please take a look on the linked page. There is a relationship between the throughput and the algorithm for both IPsec Encryption and Integrity. Best performance you get with GCMAES256.

80270-image.png

Source: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways#benchmark

For me it looks like there is only an option in the Site-To-Site connections to configure the algorithm that is used.


(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten





image.png (177.8 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@AndreasBaumgarten , those numbers indicate the maximum number of concurrent connections, not maximum throughput. Further down in the same article, they indicate that they get 1 Gbps with the VpnGw2 SKU. This agrees with the "Aggregate Throughput Benchmark" column of the screenshot you posted. However, the speeds seem to depend on encryption algorithms used and I can't find a way to set these for a P2S connection.

80401-image-5.png


0 Votes 0 ·
image-5.png (34.4 KiB)

You are right. Sorry!
I modified my earlier post.

It looks like there is only an option in the Site-To-Site connections to configure the algorithm that is used.


(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten

0 Votes 0 ·